Security Risks and Operational Challenges in Large Language Model (LLM) Applications
Organizations deploying large language model (LLM) applications face significant security and operational risks, including unbounded resource consumption, novel attack vectors, and the need for advanced anomaly detection. Attackers can exploit LLMs by submitting massive, compute-intensive requests, leading to "denial of wallet" attacks that can drain cloud budgets and disrupt business operations. The OWASP Top 10 for LLMs highlights unbounded consumption as a critical vulnerability, emphasizing the importance of implementing resource controls and monitoring usage patterns to prevent financial and service impacts. Additionally, the Model Context Protocol (MCP) introduces new security challenges, as traditional rule-based and signature-based systems are inadequate for detecting sophisticated, context-dependent threats targeting LLM infrastructure.
To address these evolving risks, security teams are adopting AI-driven anomaly detection and exposure management strategies that prioritize real, exploitable risks over alert volume. The shift from reactive monitoring to proactive observability and context-aware security is essential for protecting LLM-powered platforms. As threat actors increasingly leverage LLMs to enhance their campaigns, defenders must invest in specialized, security-focused LLMs and scalable infrastructure to keep pace with adversaries and safeguard critical AI assets.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
AI-driven anomaly detection promoted for MCP security
A Security Boulevard article described the growing need for AI-based anomaly detection to secure Model Context Protocol deployments against threats such as abnormal access, data exfiltration, prompt injection, and tool poisoning. It recommended continuous monitoring, explainability, automation, and integration with broader security controls.
OWASP LLM10 unbounded consumption guidance highlighted
A StackHawk article outlined the risks of 'unbounded consumption,' identified as LLM10 in the OWASP Top 10 for LLM Applications (2025), describing how attackers can abuse LLM resource usage to cause service disruption, financial loss, and model extraction. It also summarized layered mitigations such as input validation, rate limiting, cost controls, and monitoring.
CrowdStrike expands GenAI model training for cybersecurity use cases
CrowdStrike said it is investing heavily in training large language models tailored for cybersecurity, including long-context and multi-modal models for tasks such as malware and binary analysis. The company described using Google Cloud Vertex Training Platform, distributed computing, synthetic data generation, and observability tooling to scale this work.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Understanding and Protecting Against LLM10: Unbounded Consumption
stackhawk.com
Open sourceAI-Driven Anomaly Detection for MCP Security.
securityboulevard.com
Open sourceHow CrowdStrike Trains GenAI Models at Scale Using Distributed Computing
crowdstrike.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Enterprise Security Risks and Criminal Abuse of Large Language Models
The widespread integration of large language models (LLMs) into enterprise environments is introducing new security risks at every layer of the technology stack. Security leaders are being urged to rethink traditional trust boundaries, as LLMs can alter assumptions about data handling, application behavior, and internal controls. Key risks include prompt injection, sensitive data leakage through inputs and outputs, and fragmented ownership of LLM-related security responsibilities. Experts emphasize the need to treat LLMs as untrusted compute and to enforce explicit policy and validation layers, rather than relying solely on prompt engineering or fine-tuning. Meanwhile, cybercriminals are actively exploiting the popularity of LLMs by selling discounted access to mainstream AI tools such as ChatGPT, Perplexity, and Gemini on underground forums. These tools are being used by threat actors for a range of malicious activities, including phishing, reconnaissance, and automating cybercrime operations. The criminal use of LLMs lowers the barrier to entry for less-skilled attackers and enables more efficient execution of threat campaigns, highlighting the dual challenge of securing enterprise LLM deployments while monitoring their abuse in the cybercriminal ecosystem.
Mar 21, 2026
Risks of Over-Reliance and Human Factors in Large Language Model Security
The widespread adoption of large language models (LLMs) in enterprise environments has introduced significant security challenges, particularly due to the tendency to over-rely on their outputs and the normalization of risky behaviors. Experts warn that treating LLMs as reliable and deterministic can lead to systemic vulnerabilities, as these models are inherently probabilistic and can be manipulated through techniques such as indirect prompt injection. This normalization of deviance—where unsafe practices become accepted due to a lack of immediate negative consequences—mirrors historical safety failures in other industries and is exacerbated when vendors make insecure design decisions by default. In addition to technical risks, human factors play a critical role in LLM security. Employees may inadvertently expose sensitive data by pasting it into public LLMs, blindly trust AI-generated outputs, or bypass security policies for convenience, making internal misuse a primary concern. While technical controls such as AI governance and access restrictions are important, organizations must also prioritize security awareness training to address the human side of LLM risk. Building a culture of responsible AI use is essential to mitigate both external threats and internal errors associated with LLM deployment.
Mar 21, 2026
Security Risks and Attacks Targeting Large Language Model (LLM) Services and AI Integration Protocols
Attackers have increasingly targeted exposed large language model (LLM) services and the protocols that enable their integration, such as the Model Context Protocol (MCP). GreyNoise researchers observed nearly 100,000 attack sessions against public LLM endpoints, with campaigns probing for misconfigured proxies and server-side request forgery vulnerabilities to map the expanding AI attack surface. These attacks, which included methodical enumeration of OpenAI-compatible and Google Gemini endpoints, highlight the growing risk as enterprises move LLM deployments from experimental to production environments. Security experts warn that such enumeration efforts are likely precursors to more serious exploitation, emphasizing the need for organizations to secure exposed LLM endpoints and monitor for abnormal access patterns. The Model Context Protocol (MCP), designed to facilitate seamless integration between LLMs and external tools, has also been identified as a double-edged sword. While MCP enables powerful automation and workflow enhancements, it extends the attack surface by embedding trust in external products and services, making it susceptible to exploitation by adversaries who manipulate context layers and metadata. Security leaders, such as Block's CISO, stress the importance of applying least-privilege principles and rigorous red-teaming to AI agents and integration protocols, recognizing that both human and machine actors can introduce significant risks. As LLMs and AI agents become ubiquitous in enterprise environments, organizations must adapt their security frameworks to address these novel attack vectors and integration challenges.
Mar 21, 2026